Hacker Returns $42 Million in Stolen Crypto in Exchange for $5 Million Bounty
A security flaw in the GMX V1 software was made public, causing a significant upheaval in the decentralized finance (DeFi) ecosystem and forcing immediate action to protect user assets.
GMX, a prominent perpetual futures trading platform built on blockchain technology, relies on its V1 protocol for liquidity provision through its GLP (GMX Liquidity Provider) token.
The flaw, which could have exposed up to $42 million in funds belonging to GLP holders, was identified and mitigated through the ethical intervention of a white-hat hacker.
This individual, operating under the Ethereum address 0xDF3340A436c27655bA62F8281565C9925C3a5221, played a pivotal role in recovering the at-risk assets, demonstrating the critical importance of community-driven security in blockchain networks.
By notifying GMX’s security team and facilitating the safe return of the funds, the hacker not only prevented a potential catastrophe but also highlighted the evolving dynamics of bug bounties in the crypto space.
White-Hat Hacker Secures Funds
The vulnerability in question stemmed from a subtle weakness in the GMX V1 smart contract architecture, which governs the platform’s decentralized exchange mechanisms.
Specifically, it involved exploitable logic in the handling of liquidity pools and position management, potentially allowing malicious actors to drain funds from the GLP pool through sophisticated attack vectors such as flash loan manipulations or reentrancy exploits.
Upon discovery, the GMX team promptly alerted forks of the V1 codebase (independent projects that have adapted GMX’s open-source code for their own protocols), ensuring a coordinated response across the ecosystem.
This proactive disclosure underscores the principles of transparency and collaboration that underpin DeFi, where code audits and community vigilance are essential to maintaining trust.
The white-hat hacker’s involvement transformed what could have been a devastating exploit into a controlled recovery operation, securing the $42 million in a manner that preserved the integrity of the GLP holders’ positions.
Path to Fund Distribution
As recognition of these efforts, GMX awarded the hacker a substantial $5 million bounty, a move that aligns with industry best practices for incentivizing ethical disclosures.
This bounty was deducted from the recovered funds, leaving the remainder securely held in the GMX Security Multisig, a multi-signature wallet requiring multiple approvals for transactions, which adds an extra layer of protection against unauthorized access.
Multisig setups like this are a cornerstone of DeFi security, distributing control among trusted parties to mitigate single points of failure.
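The multi-signature control described above can be made concrete with a small simulation. The following is an added example, not part of the article and not GMX's own multisig code: signer names, keys, the 2-of-3 threshold, the recipient string and the amounts are all constructed, and HMAC-SHA256 over a per-signer key stands in for the ECDSA signatures an on-chain multisig would verify against signer addresses. It shows that a single key cannot move funds, that a forged second approval is rejected, and that an executed proposal cannot be replayed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample signer keys for the simulation. A real multisig verifies
# ECDSA signatures against on-chain addresses; HMAC-SHA256 stands in here.
SIGNER_KEYS = {
    "alice": b"alice-secret-key",
    "bob": b"bob-secret-key",
    "carol": b"carol-secret-key",
}


@dataclass
class Proposal:
    """A pending transfer. Approvals are keyed by signer name, so the same
    signer approving twice still counts as a single approval."""
    to: str
    amount: int
    nonce: int
    approvals: dict = field(default_factory=dict)

    def digest(self) -> bytes:
        # The nonce is part of the signed message so a set of collected
        # approvals cannot be reused for a later transfer.
        msg = f"{self.to}|{self.amount}|{self.nonce}".encode()
        return hashlib.sha256(msg).digest()


def sign(key: bytes, proposal: Proposal) -> bytes:
    """What a signer does offline: authenticate the proposal digest with its key."""
    return hmac.new(key, proposal.digest(), "sha256").digest()


class MultisigWallet:
    def __init__(self, signer_keys: dict, threshold: int, balance: int):
        if not 1 <= threshold <= len(signer_keys):
            raise ValueError("threshold must be between 1 and the number of signers")
        self.signer_keys = dict(signer_keys)
        self.threshold = threshold
        self.balance = balance
        self.nonce = 0  # nonce of the next proposal the wallet will accept

    def new_proposal(self, to: str, amount: int) -> Proposal:
        return Proposal(to, amount, self.nonce)

    def valid_approvals(self, proposal: Proposal) -> set:
        """Registered signers whose approval verifies against their own key."""
        ok = set()
        for signer, mac in proposal.approvals.items():
            key = self.signer_keys.get(signer)
            if key is not None and hmac.compare_digest(mac, sign(key, proposal)):
                ok.add(signer)
        return ok

    def execute(self, proposal: Proposal) -> int:
        """Move funds only with `threshold` distinct valid approvals; returns new balance."""
        if proposal.nonce != self.nonce:
            raise ValueError("stale or replayed proposal")
        approvers = self.valid_approvals(proposal)
        if len(approvers) < self.threshold:
            raise PermissionError(f"{len(approvers)} of {self.threshold} required approvals")
        if proposal.amount > self.balance:
            raise ValueError("insufficient balance")
        self.balance -= proposal.amount
        self.nonce += 1
        return self.balance


def try_execute(wallet: MultisigWallet, proposal: Proposal) -> bool:
    """True if the wallet accepted the proposal, False if it refused."""
    try:
        wallet.execute(proposal)
        return True
    except (ValueError, PermissionError):
        return False


def demo() -> dict:
    """Walk through the cases a 2-of-3 multisig must get right (constructed scenario)."""
    wallet = MultisigWallet(SIGNER_KEYS, threshold=2, balance=1000)
    p = wallet.new_proposal("0xRECIPIENT_PLACEHOLDER", 100)
    results = {}

    # One signer alone is below threshold.
    p.approvals["alice"] = sign(SIGNER_KEYS["alice"], p)
    results["one_signer"] = try_execute(wallet, p)

    # A holder of only alice's key cannot manufacture bob's approval:
    # it is verified against bob's registered key and rejected.
    p.approvals["bob"] = sign(SIGNER_KEYS["alice"], p)
    results["forged_second_approval"] = try_execute(wallet, p)

    # A genuine second approval reaches the threshold.
    p.approvals["bob"] = sign(SIGNER_KEYS["bob"], p)
    results["two_signers"] = try_execute(wallet, p)
    results["balance_after"] = wallet.balance

    # Resubmitting the executed proposal fails the nonce check.
    results["replay"] = try_execute(wallet, p)
    return results
```

The design choice worth noting is that the wallet, not the signer, decides which approvals count: each approval is re-verified against the key registered for that signer name, and the nonce ties approvals to one specific transfer.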
According to the report, the transaction not only rewarded the hacker’s integrity but also set a positive precedent for future vulnerability reports, potentially encouraging more white-hat activity in an industry often plagued by black-hat exploits.
Looking ahead, GMX contributors are diligently crafting a distribution plan for the reclaimed funds, which will be presented to the GMX DAO (Decentralized Autonomous Organization) for community approval.
DAOs, powered by token-based governance, allow stakeholders to vote on proposals, ensuring decentralized decision-making.
This plan is expected to outline equitable restitution for affected GLP holders, possibly involving pro-rata distributions or liquidity injections to stabilize the protocol. Details will be shared imminently, fostering anticipation within the community.
This incident, while highlighting risks in legacy codebases like GMX V1, also showcases the resilience of DeFi through rapid response and innovative recovery mechanisms.
It serves as an engaging reminder of how blockchain’s open nature can turn potential disasters into triumphs of collaboration, ultimately strengthening the ecosystem for all participants.
As the crypto world continues to evolve, stories like this blend high-stakes drama with technical prowess, keeping enthusiasts on the edge of their seats while reinforcing the value of ethical hacking.